Microsoft has alerted organizations to a high-severity vulnerability, CVE-2025-53786, affecting hybrid deployments of Exchange Server. The flaw allows attackers with administrative access to an on-premises Exchange server to escalate privileges within a connected cloud environment.
According to Microsoft, the risk comes from the shared service principal between Exchange Server and Exchange Online in hybrid configurations, which can make unauthorized access harder to detect.
The issue, discovered by Dirk-jan Mollema of Outsider Security, has been patched in Exchange Server 2016, 2019, and the Subscription Edition RTM. Microsoft noted that while the vulnerability has not yet been exploited in the wild, exploitation is considered likely.
CISA also issued an alert urging organizations to apply the patch or mitigations immediately, warning that failure to do so could expose systems to complete domain compromise across cloud and on-premises environments.
Microsoft also reminded users of upcoming changes to hybrid Exchange setups. Beginning August 2025, Exchange Web Services traffic using the shared service principal will be temporarily blocked to encourage migration to a dedicated Exchange hybrid app, aimed at enhancing security.
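The escalation path described above runs through the service principal that on-premises Exchange and Exchange Online share, so a defender's first question is which certificates are currently attached to that principal in the tenant. The following PowerShell is an added example, not code from the article or from Microsoft; it assumes the Microsoft Graph PowerShell SDK (`Microsoft.Graph.Applications`) is installed, that the account used has `Application.Read.All`, and that `00000002-0000-0ff1-ce00-000000000000` is the well-known first-party application ID of Exchange Online. It only reads and reports; it does not remove anything.

```powershell
# Added example (not from the article): inventory the key credentials attached to the
# Exchange Online service principal in Entra ID. In a classic hybrid deployment the
# on-premises Exchange server registers its hybrid OAuth certificate on this shared
# principal; any entry listed here can request Exchange Online tokens, so stale or
# unexpected entries are what to review before and after moving to the dedicated hybrid app.
# Assumption: the app ID below is the well-known Exchange Online first-party application ID.

$ExchangeOnlineAppId = '00000002-0000-0ff1-ce00-000000000000'

Connect-MgGraph -Scopes 'Application.Read.All' -NoWelcome

$sp = Get-MgServicePrincipal -Filter "appId eq '$ExchangeOnlineAppId'"
if (-not $sp) {
    throw 'Exchange Online service principal not found in this tenant.'
}

$now = Get-Date
$report = foreach ($cred in $sp.KeyCredentials) {
    [pscustomobject]@{
        DisplayName = $cred.DisplayName
        KeyId       = $cred.KeyId
        Type        = $cred.Type          # e.g. AsymmetricX509Cert
        Usage       = $cred.Usage         # e.g. Verify
        NotBefore   = $cred.StartDateTime
        NotAfter    = $cred.EndDateTime
        Expired     = ($cred.EndDateTime -lt $now)
    }
}

if (-not $report) {
    Write-Host 'No keyCredentials are attached to the shared Exchange Online service principal.'
} else {
    # Every row is a certificate trusted to act as this first-party principal.
    # Compare against the hybrid certificate(s) you expect; anything else warrants investigation.
    $report | Sort-Object NotAfter | Format-Table -AutoSize
}
```

Run it from an administrator workstation after patching and again after migrating to the dedicated hybrid application; the list should shrink to only the credentials you can account for, and an unfamiliar or long-expired certificate on this principal is a finding worth tracing in Entra audit logs.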
Exchange Server continues to be a common target for attackers, with 17 vulnerabilities listed in CISA’s Known Exploited Vulnerabilities catalog since 2018.